Web application security testing
Web Application Test
Today, many corporate web environments provide significant user interaction through web applications: for example, applications where the user can query a database or shop through catalogs, along with a long list of other utilities.
Attacking these applications is an easy way to get to vital company information and, in many cases, a conventional firewall is not able to offer coverage against this type of attack.
A2SECURE offers comprehensive security review services that are 100% web focused, in order to ensure that applications have been developed so as to avoid security errors that an attacker could try to exploit.
Why?
To protect the users of the applications: only the legitimate owners can access the application content, the content cannot be modified, and it is not possible to modify the application settings (such as product prices or discount code generation) or to steal client databases, and so on. These are vital controls for the security of a web application, because they correspond to actions that an attacker will try to carry out. Knowing the weaknesses of our applications allows us to protect ourselves.
How?
A web application test consists of simulating an attack against a web application in order to assess its security. This ethical hacking activity mimics the actions of a hacker in a controlled and organized way, using the same tools plus the factor of human intelligence, in contrast to traditional security scanners.
The checks carried out in such projects depend on their scope and may include, among others:
- OWASP Top 10 vulnerabilities
- Conventional XSS, SQL injection
- Attempted defacements
- Password cracking
- Session hijacking
- Attacks on application logic such as price change, settings/objects change, discount codes, etc.
We always work closely with our clients providing information at all times about our actions and discoveries. For us, working closely with our clients is the best way to understand and help them.
Benefits
Web application security testing services are tailor-made projects for our clients. Our work therefore begins and ends where the client requires, whether with:
- Technical outcomes report
- Executive reporting
- Presentation of results meetings and workshops
- Training sessions aimed at understanding the deficiencies found
- Remediation period support
- Validation of remediation
The web application audit makes it possible to assess the security of public applications and to get an overview of their security through the eyes of an expert.
It thus becomes possible to detect a realistic way of attack and its cause, which offers the possibility of eliminating the risks identified as well as knowing how to mitigate the causes that produced them.
“The security of our IT environment is a concern for us; it is difficult for us to have an overall view of our various hotels and their related facilities. Working with A2SECURE we have that view, and we know how to improve day by day.”
Occidental Hotels Deputy Technical Director of Systems and Communications
“A telecommunications operator for professionals like Neosky cannot only offer the best connections. Giving added value to our services is a necessity and for our clients’ perimeter security we trust in A2SECURE.”
NeoSky Senior Product Manager
“Like all companies, every day we are more dependent on the Internet. Having someone externally valuing our security and helping us to improve is very important for us and that is precisely what A2SECURE offers.”
UNIPOST Organization and Systems Director
“For eDreams, as low-cost flights leader, security is a key issue. That is why we work with A2SECURE.”
eDreams ODIGEO CTO
“A2SECURE has made the work of auditing our network much easier. A2 team takes care of this nightmare.”
Azucarera Ebro IT Systems Director
“We evaluated other partners who could support us in improving our security and we have finally chosen A2SECURE, because it combines the best solution with a very personal and direct support.”
Atrapalo IT Director
What makes us different?
A2SECURE has a highly qualified team, supported by various international certifications, to carry out Ethical Hacking/Pentesting activities. But our trademark is our vocation to make our clients understand our results.
A pentesting activity is really useful when the client is able to understand what has been found, the risks it implies and how it has been possible to get there. The latter is the key point: knowing how a successful attack has been possible, and understanding whether it is necessary to implement additional controls and change an internal process that is causing breaches. In short, taking advantage of the exercise by transforming it into improvements for the company.